Support » Plugin: iThemes Security » Login attempts to admin

  • I already removed the admin account, so there is no danger that the account can be hacked. I also added a htpasswd / htaccess protection to force an additional login. Still I get lots of lockout messages for user admin each day. How is this possible? Is the htpasswd method insecure? Does it mean the user/password of the htpasswd has been hacked?

Viewing 9 replies - 1 through 9 (of 9 total)
  • They are probably using POSTs to wp-login.php to send the requests. Did you just password protect wp-admin? It may also not be configured directly…

    Also might be worthwhile to check the database table _users manually via PHPMyAdmin or some other MySQL client. Some malware will manipulate what is shown in wp-admin, so an admin level user could exist but not be shown in wp-admin interface.

    Thread Starter eehmke

    (@eehmke)

    Here is my .htaccess content:

    # Auth protect wp-login.php
    <Files wp-login.php>
      AuthName "Passwortgeschützter Bereich"
      AuthType Basic
      AuthUserFile /var/www/wpsite/.htpasswd
      Require valid-user
    </Files>
    
    # Deny access to important files - ab Apache 2.4
    <FilesMatch "(\.htaccess|\.htpasswd|wp-config\.php)">
      Require all denied
    </FilesMatch>

    The database table is clean.

    Have you tried viewing your http access logs and correlate with the timestamps for the login warning alerts? It would help to show you more details about how your server is responding to the http request. I’m guessing you probably have already confirmed using your browser that it requests authentication when visiting /wp-admin or /wp-login.php so logs would be a good place to start IMO.

    Thread Starter eehmke

    (@eehmke)

    Thanks! Will check tomorrow.

    Thread Starter eehmke

    (@eehmke)

    It turns out the attack tried wp-login.php and xmlrpc.php. I put xmlrpc.php into my FilesMatch too, seems to work.

    Same issue, did you solve it?

    Another one with the same problem.

    Every hour, aprox I have a block from admin user.

    Also I change the admin URL and activate the Away mode but still have attemps also during the hours that are Away

    Any idea?

    • This reply was modified 3 years, 7 months ago by pivodit.

    I’m having the same problem! Changed admin URL and activated Away Mode but too emany mail notifications of site lockouts.

    • This reply was modified 3 years, 7 months ago by Shafar.
    Thread Starter eehmke

    (@eehmke)

    Since I modified my .htaccess like described above, my problem is solved.

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Login attempts to admin’ is closed to new replies.